author | Rob Crittenden <rcritten@redhat.com> | 2011-08-26 10:42:40 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-08-25 20:38:11 -0400 |
commit | a750ccb5a2c525e9c117f6139583a710ec4fb656 (patch) | |
tree | 7c599d56a35b9e0fa867ac1d93bb09b58d0661df /ipa-client/ipa-join.c | |
parent | 9dd689ff9d4e167f00802b39bea390b763a5a7e9 (diff) | |
Disable reverse lookups in ipa-join and ipa-getkeytab
This prevents broken DNS from causing enrollment problems.
https://fedorahosted.org/freeipa/ticket/1693
Diffstat (limited to 'ipa-client/ipa-join.c')
-rw-r--r-- | ipa-client/ipa-join.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c index f6ca6936..aac80976 100644 --- a/ipa-client/ipa-join.c +++ b/ipa-client/ipa-join.c @@ -213,6 +213,13 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) { goto fail; } + /* Don't do DNS canonicalization */ + ret = ldap_set_option(ld, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON); + if (ret != LDAP_SUCCESS) { + fprintf(stderr, _("Unable to set LDAP_OPT_X_SASL_NOCANON\n")); + goto fail; + } + ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); if (ret != LDAP_SUCCESS) { fprintf(stderr, _("Unable to set LDAP version\n")); |
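Review bot: The new comment `/* Don't do DNS canonicalization */` in `connect_ldap()` says what the option does but not why, and it uses different wording from the commit subject, which calls this disabling reverse lookups. Consider expanding it to say that with `LDAP_OPT_X_SASL_NOCANON` on, the host name supplied for the connection is used as-is for the SASL bind, so a wrong or missing PTR record cannot alter the server name being authenticated to. The failure string `_("Unable to set LDAP_OPT_X_SASL_NOCANON\n")` also puts a raw constant name into a translatable, user-facing message; a description such as "Unable to disable DNS canonicalization" would sit better beside the existing "Unable to set LDAP version". This view is limited to `ipa-client/ipa-join.c`, so the ipa-getkeytab half of the change named in the subject cannot be checked here.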